As some of you may have seen in the news, there has been a recent cybersecurity incident involving PowerSchool, a software vendor that provides our Student Information System (SIS). This incident has had nation-wide impact.
Unfortunately, they have confirmed that this incident did impact PowerSchool SIS customer data that belongs to Thomas MacLaren School’s families, faculty, and staff. PowerSchool is still continuing its investigation, and we are also working hard on our end to establish exactly what was and was not impacted.
Here’s what we know so far:
- PowerSchool informed us that the compromised data primarily includes parent, student, and employee contact information with data elements such as name and address information.
- We have established that no student or employee Social Security numbers were impacted.
- User accounts and passwords were not compromised.
We take the safety and security of our students, families, and staff extremely seriously. PowerSchool has assured us that this incident was contained, and they do not anticipate the data being used or shared, but they will be providing more information and resources (including credit monitoring or identity protection services if applicable) as they become available. We will also provide updates as we receive them.
Questions or concerns about this breach, including about the specific data that may have been compromised for your child, can be directed to the school’s dedicated support team at [email protected]
Important Update Regarding PowerSchool Data Security - May 22, 2025
PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident. PowerSchool does not believe this is a new incident.
Please be assured that both PowerSchool and Thomas MacLaren School are taking this situation very seriously. PowerSchool has informed us they are working with cybersecurity experts to thoroughly assess this development and have reported it to law enforcement in both Canada and the United States.
As a reminder, following that incident PowerSchool also offered and made widely available credit monitoring and identity protection services for a period of two years to MacLaren students and faculty regardless of whether they were individually involved. We encourage all those who were offered these services to take advantage of them. Please visit this link: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/
As was reported earlier this year, PowerSchool made the decision to pay a ransom because they believed it to be in the best interest of their customers and the students and communities they serve. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided PowerSchool.
MacLaren remains committed to working closely with PowerSchool and law enforcement to provide support in any way we can.